use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.
the class AbstractOAuth2IdentityProviderTest method getConfig.
/**
 * Builds an {@link OAuth2IdentityProviderConfig} fixture on top of a fresh, empty
 * {@link IdentityProviderModel}.
 *
 * @param autorizationUrl value passed to {@code setAuthorizationUrl}
 * @param defaultScope value passed to {@code setDefaultScope}
 * @param clientId value passed to {@code setClientId}
 * @param isLoginHint value passed to {@code setLoginHint}
 * @return the populated configuration
 */
private OAuth2IdentityProviderConfig getConfig(final String autorizationUrl, final String defaultScope, final String clientId, final Boolean isLoginHint) {
    // Each fixture gets its own backing model so tests cannot leak settings into each other.
    final OAuth2IdentityProviderConfig oauthConfig =
            new OAuth2IdentityProviderConfig(new IdentityProviderModel());

    oauthConfig.setAuthorizationUrl(autorizationUrl);
    oauthConfig.setDefaultScope(defaultScope);
    oauthConfig.setClientId(clientId);
    oauthConfig.setLoginHint(isLoginHint);

    return oauthConfig;
}
use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.
the class AbstractOAuth2IdentityProviderTest method constructor_defaultScopeHandling.
/**
 * Verifies how the provider constructor treats the default scope: it falls back to the
 * provider's own default when the configuration carries none, and it leaves an explicitly
 * configured scope untouched.
 */
@Test
public void constructor_defaultScopeHandling() {
    // Case 1: no scope in the configuration -> the provider's default scopes end up in the config.
    TestProvider providerWithFallback = getTested();
    Assert.assertEquals(
            providerWithFallback.getDefaultScopes(),
            providerWithFallback.getConfig().getDefaultScope());

    // Case 2: an explicitly configured scope must survive construction unchanged, so the
    // scopes requested from the upstream IdP are the ones the administrator set.
    OAuth2IdentityProviderConfig explicitScopeConfig =
            new OAuth2IdentityProviderConfig(new IdentityProviderModel());
    explicitScopeConfig.setDefaultScope("myscope");

    TestProvider providerWithExplicitScope = new TestProvider(explicitScopeConfig);
    Assert.assertEquals("myscope", providerWithExplicitScope.getConfig().getDefaultScope());
}
use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.
the class OpenshiftV3IdentityProviderTest method shouldConstructProviderUrls.
/**
 * Builds an OpenShift v3 provider from a configuration that only carries a base URL and
 * delegates the URL assertions to {@code assertConfiguredUrls}.
 */
@Test
public void shouldConstructProviderUrls() {
    final IdentityProviderModel emptyModel = new IdentityProviderModel();
    final OpenshiftV3IdentityProviderConfig providerConfig =
            new OpenshiftV3IdentityProviderConfig(emptyModel);

    // Test fixture value only: a plain-http base URL is used here to exercise URL derivation.
    providerConfig.setBaseUrl("http://openshift.io:8443");

    // The first constructor argument is passed as null; this test does not supply one.
    final OpenshiftV3IdentityProvider provider =
            new OpenshiftV3IdentityProvider(null, providerConfig);

    assertConfiguredUrls(provider);
}
use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.
the class RepresentationToModel method toModel.
/**
 * Converts an {@link IdentityProviderRepresentation} into an {@link IdentityProviderModel}
 * for the given realm.
 *
 * <p>The provider factory is looked up by the representation's provider id, first as an
 * {@code IdentityProvider} and then as a {@code SocialIdentityProvider}. Both broker login
 * flow aliases are resolved through {@code realm.getFlowByAlias}, and the finished model is
 * passed to {@code validate(realm)} before it is returned.
 *
 * <p>Security-relevant flags ({@code trustEmail}, {@code storeToken},
 * {@code addReadTokenRoleOnCreate}, {@code linkOnly}, {@code authenticateByDefault}) are
 * copied from the representation as given; apart from the final {@code validate(realm)}
 * call, no check on them is visible in this method.
 * NOTE(review): presumably the caller has already authorized whoever supplied the
 * representation; confirm at the call sites.
 *
 * @param realm realm used to resolve flow aliases and to validate the model
 * @param representation source of the identity provider settings
 * @param session session used to reach the provider factories
 * @return the populated and validated model
 * @throws IllegalArgumentException if no factory is registered for the provider id
 * @throws ModelException if a referenced authentication flow alias does not exist in the realm
 */
public static IdentityProviderModel toModel(RealmModel realm, IdentityProviderRepresentation representation, KeycloakSession session) {
    final String providerId = representation.getProviderId();

    // Try the generic identity provider SPI first, then fall back to the social provider SPI.
    IdentityProviderFactory factory = (IdentityProviderFactory) session.getKeycloakSessionFactory()
            .getProviderFactory(IdentityProvider.class, providerId);
    if (factory == null) {
        factory = (IdentityProviderFactory) session.getKeycloakSessionFactory()
                .getProviderFactory(SocialIdentityProvider.class, providerId);
    }
    if (factory == null) {
        throw new IllegalArgumentException("Invalid identity provider id [" + providerId + "]");
    }

    // Let the factory create the model and then copy the plain attributes across.
    final IdentityProviderModel model = factory.createConfig();
    model.setInternalId(representation.getInternalId());
    model.setAlias(representation.getAlias());
    model.setDisplayName(representation.getDisplayName());
    model.setProviderId(providerId);
    model.setEnabled(representation.isEnabled());
    model.setLinkOnly(representation.isLinkOnly());
    model.setTrustEmail(representation.isTrustEmail());
    model.setAuthenticateByDefault(representation.isAuthenticateByDefault());
    model.setStoreToken(representation.isStoreToken());
    model.setAddReadTokenRoleOnCreate(representation.isAddReadTokenRoleOnCreate());
    model.setConfig(removeEmptyString(representation.getConfig()));

    // First-broker-login flow: a missing alias falls back to the built-in default flow.
    final String requestedFirstAlias = representation.getFirstBrokerLoginFlowAlias();
    final String firstBrokerAlias = requestedFirstAlias != null
            ? requestedFirstAlias
            : DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW;
    final AuthenticationFlowModel firstBrokerFlow = realm.getFlowByAlias(firstBrokerAlias);
    if (firstBrokerFlow == null) {
        throw new ModelException("No available authentication flow with alias: " + firstBrokerAlias);
    }
    model.setFirstBrokerLoginFlowId(firstBrokerFlow.getId());

    // Post-broker-login flow: optional, so a null or blank alias clears the flow id.
    final String postBrokerAlias = representation.getPostBrokerLoginFlowAlias();
    final boolean hasPostBrokerFlow = postBrokerAlias != null && !postBrokerAlias.trim().isEmpty();
    if (hasPostBrokerFlow) {
        final AuthenticationFlowModel postBrokerFlow = realm.getFlowByAlias(postBrokerAlias);
        if (postBrokerFlow == null) {
            throw new ModelException("No available authentication flow with alias: " + postBrokerAlias);
        }
        model.setPostBrokerLoginFlowId(postBrokerFlow.getId());
    } else {
        model.setPostBrokerLoginFlowId(null);
    }

    // Validation runs last, once every field has been populated.
    model.validate(realm);
    return model;
}
use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.
the class DefaultTokenExchangeProvider method exchangeToIdentityProvider.
/**
 * Exchanges the target user's session for a token issued by the identity provider named in
 * {@code requestedIssuer}.
 *
 * <p>Three gates are applied in order, and each rejection records a {@code REASON} detail and
 * an error on the event before throwing:
 * <ol>
 *   <li>the alias must resolve to an identity provider in the realm (400 otherwise);</li>
 *   <li>the provider must implement {@link ExchangeTokenToIdentityProviderToken}
 *       (400 otherwise);</li>
 *   <li>the requesting client must pass {@code canExchangeTo} for that provider
 *       (403 otherwise).</li>
 * </ol>
 *
 * <p>NOTE(review): the two 400 responses are produced before the permission check and carry
 * different error descriptions, so a client that would fail {@code canExchangeTo} can still
 * tell an unknown alias from a provider without exchange support. Confirm this distinction
 * is acceptable for the deployment. Both cases log {@code Errors.UNKNOWN_IDENTITY_PROVIDER};
 * only the {@code REASON} detail separates them in the event stream.
 *
 * @param targetUser user on whose behalf the exchange is performed
 * @param targetUserSession session of the target user
 * @param requestedIssuer alias of the identity provider to exchange to
 * @return the provider's response, rebuilt through the CORS builder
 * @throws CorsErrorResponseException if any of the three gates rejects the request
 */
protected Response exchangeToIdentityProvider(UserModel targetUser, UserSessionModel targetUserSession, String requestedIssuer) {
    // Record the requested issuer up front so it is present on every outcome of this event.
    event.detail(Details.REQUESTED_ISSUER, requestedIssuer);

    // Gate 1: the alias must name an identity provider of this realm.
    final IdentityProviderModel idpModel = realm.getIdentityProviderByAlias(requestedIssuer);
    if (idpModel == null) {
        event.detail(Details.REASON, "unknown requested_issuer");
        event.error(Errors.UNKNOWN_IDENTITY_PROVIDER);
        throw new CorsErrorResponseException(cors, OAuthErrorException.INVALID_REQUEST, "Invalid issuer", Response.Status.BAD_REQUEST);
    }

    // Gate 2: the provider implementation must support exchanging to its own tokens.
    final IdentityProvider idp = IdentityBrokerService.getIdentityProvider(session, realm, requestedIssuer);
    final boolean supportsExchange = idp instanceof ExchangeTokenToIdentityProviderToken;
    if (!supportsExchange) {
        event.detail(Details.REASON, "exchange unsupported by requested_issuer");
        event.error(Errors.UNKNOWN_IDENTITY_PROVIDER);
        throw new CorsErrorResponseException(cors, OAuthErrorException.INVALID_REQUEST, "Issuer does not support token exchange", Response.Status.BAD_REQUEST);
    }

    // Gate 3: authorization. The requesting client must be permitted to exchange to this provider.
    final boolean clientMayExchange =
            AdminPermissions.management(session, realm).idps().canExchangeTo(client, idpModel);
    if (!clientMayExchange) {
        event.detail(Details.REASON, "client not allowed to exchange for requested_issuer");
        event.error(Errors.NOT_ALLOWED);
        throw new CorsErrorResponseException(cors, OAuthErrorException.ACCESS_DENIED, "Client not allowed to exchange", Response.Status.FORBIDDEN);
    }

    // All gates passed: delegate to the provider and wrap its response with the CORS headers.
    final ExchangeTokenToIdentityProviderToken exchanger = (ExchangeTokenToIdentityProviderToken) idp;
    final Response idpResponse = exchanger.exchangeFromToken(
            session.getContext().getUri(), event, client, targetUserSession, targetUser, formParams);
    return cors.builder(Response.fromResponse(idpResponse)).build();
}